Hello again friends,
I have been promising to write shorter emails, but I'm afraid I'm going to fail you again. Part two is around 3000 words and is the longest of them all; data security is a big topic. So strap in, and grab yourself a drink. You may want to add it to your read-it-later app, it's around a 15-minute read.
Thinking Out Loud
In this series of essays, I aim to explore the true cost of full control of your notes so you can better evaluate what’s most important to you and ensure that you choose the tool best suited for your use-cases and which also matches your stance on control.
As with all my essays, they are my way of learning in public, so if you have thoughts or feedback, I’d love to hear them. Just reply to this email.
Data Security & Privacy
In part one, we discussed data ownership and data lock-in. Now we focus on data security and its closely related term, data privacy.
To have full control of your notes means being responsible for their security. If you take notes and either journal or work for a business where you’re creating intellectual property, then the security of those notes is imperative.
There are many factors to this question of security, but there is one critical thing to keep in mind; data security and privacy are always trade-offs against convenience, utility and control.
The most secure computing device is a machine which is physically located in a secure facility with controlled access, no network connections and no way of removing data from that machine. It’s also extremely inconvenient to use.
We’ll explore the different facets of security, diving into the layers of encryption, the physical security of your computer and the networks you use. We will consider the role of trust and cover some practical steps and advice for securing your data.
My goal is not to scare you but merely to make sure you know the levels of security and precautions needed to protect your critical information and the trade-offs you are willing to make.
Whenever you are accessing network resources, it should be via a secure connection so that others cannot snoop and extract your usernames, passwords and private data as they pass by on the route from your computer to the remote server.
It is easier to see this in a web browser, but a dedicated application will handle this behind the scenes, so generally, you have to hope it’s doing the right thing. You can purchase and install applications like Little Snitch on the Mac (there will be similar on Windows), which make it easy to monitor all the outgoing network traffic and allow or deny connections. You’ll be surprised just how many applications call out to external services.
In terms of browsers, look for the padlock icon and double-check the actual URL you are visiting is the one you think it is. Blindly assuming that because you see a padlock symbol, you’re secure is naïve. It is a common trick, especially for phishing attacks, where the start of the URL looks like it’s the site you’re expecting to visit, but the end is not. For example, it could be something like
www.paypal-com.a-dodgy-website.com. It will most likely be secured with an SSL certificate; all that means is that you can securely send your private information to the hucksters.
I highly recommend changing your browser settings to show complete URLs to make these more visible.
SSL Certificates are free and easy to set up and more automated than ever. These certificates just verify that the domain name matches, but you can purchase other types of certificates that have further human validation checks to verify the organisation behind it.
When was the last time you actually checked a domain and a certificate to verify it’s the site you think it is?
Make a habit of clicking on the padlock and viewing the certificate for the site. Make sure you’re happy it is the site you want and not one that just looks like it.
When it comes to the physical security of your computer, if I have direct access to your machine, there is a good to excellent chance I can gain access to your files. I don’t need to know your password. Computers can be booted into single-user modes for file recovery–or the hard drive can be removed and attached to another computer directly to read the files.
Files on an unencrypted hard drive are easy to access by design. That’s good when it comes to the desire for interoperability; in note-taking terms, this means that you deliberately want several programs to have read and write access to those files.
This is why physical machine security is critical. This is especially true of portable computers like laptops. I’m sure you’ve seen plenty of news stories where devices get left behind on trains or in cafés and are stolen.
Modern operating systems do have options to transparently encrypt your hard drives, for example, FileVault on Macs. You have to enable it, but it does mean that you must take care of the keys securely. They are usually linked to your user login credentials, so these too must be secured and cared for; otherwise, you will lose access to all the data on your computer.
However, this only provides protection when your computer has been switched off or your computer screen is locked. When you are using your computer, the applications you have running will be able to read and write files as if there was no encryption.
Trust (No one)
You may have heard this term, but what does it mean? Trust no one (TNO) computing is an approach to security where you, the owner of the information, are the only one trusted with the encryption keys.
In a TNO setup, when the information has been encrypted (by a suitable algorithm) using your private key/password, access to that data is restricted to those who hold that key. Lose the key, and you lose your data. It’s as simple as that.
There are few tools for thought which can currently claim they are a TNO service. Roam is one, as is Obsidian. However, as we’ll see shortly, there is more to consider in this definition where all can fall short.
Roam recently delivered their fully encrypted graphs, and in TNO terms, what this means for Roam is that before the blocks leave your physical computer to be synced with Roam’s servers, they are encrypted by the password you entered when you created the graph. This password isn’t stored anywhere; you are fully responsible for its safety and security. Without it, your encrypted graph becomes unusable, and there is nothing that anyone can do about it. That is the trade-off for this ultimate security.
There are other ways that notes can be encrypted where both you, the data owner, and the application/service providers each have a key so that notes are stored on external servers in an encrypted form which prevents casual viewing or limits the fallout in the event of a breach, but it doesn’t meet the TNO bar since it means that the application owners staff can get to your notes if they wanted to, i.e. to help you recover your data if you lose your key.
It is worth noting that TNO only relates to the data leaving your computer. It assumes you trust your machine.
Securing your notes
Here is where things get interesting. Many people are very concerned about cloud-based note-taking applications and that their notes are stored on the syncing service computers.
However, they are not likely to take anywhere close to the same measures that a professional takes when setting up and running a server for a dedicated service. Your personal computer is far more likely to be insecure. It might be hard to admit, but you are likely the weakest link in the security chain.
Unlike a dedicated server with one job, your computer is used for multiple purposes, which means you likely have hundreds of programs on your computer that run, often without your knowledge. If you’re on Windows, look at your Windows Task Manager, or if you’re on a Mac, open Activity Monitor. You’ll see a big list of processes (programs) running. Do you know what every single one does?
One of them could be a malicious program acting as a trojan horse, allowing an attacker direct access to rifle through your computer and take what they want. It doesn’t matter if you have firewalls in place if you allow them in by running a questionable program.
Unless you know and trust all of these applications, any one of those could be quietly reading your files or logging your keystrokes and sending the data to someone else’s private server.
There’s a swing back toward locally hosted plain text files for notes for interoperability and ownership in the tools for thought space at the moment.
One of the reasons for writing this series of essays is to raise awareness of the fact that while, yes, because you have these files on your computer, you do definitively own them, that doesn’t mean that you exclusively do.
It is easy and common for personal computers to be compromised through many methods. Note files are a particular target because they are often used to store passwords, bank details and other private information.
Unless your plain text notes are also stored in an encrypted form on your computer hard disks, then how sure are you that you haven’t been hacked or compromised where all those notes have been found and shuffled off elsewhere without you even knowing?
Ideally, each individual file should be encrypted with the encryption/decryption happening at the application level. This, however, isn’t convenient and specifically makes it difficult from an interoperability perspective. All applications need to know what encryption algorithm is used, and you would have to enter the password in every application. Plus, it makes searching difficult and slow. Every file has to be decrypted to be read and made searchable.
In Roam, before the introduction of fully encrypted graphs, you could individually password protect and encrypt specific blocks in your graph using the
/Encrypted Text slash command.
This is not to say Roam is perfect. While it uses local databases to store notes, the data still persists on disk (especially for local offline access), so it’s perfectly possible for rogue programs to get access and read those files. They’re just not as easily read and pieced together as plain text files.
The better tools for thought are extensible. Users and developers outside of the core team can build plugins to extend the utility of the software. This is desirable, but it also brings further security risks too.
If you are concerned that your notes might be read by the Roam team when using unencrypted hosted graphs, then you should absolutely not install any plugins that you have not vetted the source code for fully yourself, and you absolutely should not want to use any plugins which send your data to other external services unless you know exactly how it’s done, and how they handle your private note data.
It’s also currently popular to want to use AI services like GPT-3 in our tools for thought, but at present, it’s simply not possible to have AI of that kind of quality run entirely locally on your computer. The large language models require significant infrastructure to process, so your private note data has to be sent to those services to be read and evaluated. What is unclear is what exactly happens to your data when it does. How is it stored, is it used as additional learning material to be utilised in other future queries for other users, and so on?
It’s for another article, but the technology is moving faster than our ability to carefully think through the ramifications of AI and the ethical and moral quandaries it will inevitably throw up. The potential use of your private notes for others’ commercial benefit is just one of them.
With the recent introduction of Roam Depot, the Roam team are now vetting and verifying that third-party plugins are not doing dangerous or insecure things with your notes. This is especially important when you’re using encrypted graphs, so you’re not undoing the security you thought you had.
Hopefully, extensions will be clearly marked if your note data will be leaving your personal computer and processed externally in some form.
For notes stored locally, you are responsible for their security and availability. We’ll talk more about availability in the next essay, where we’ll cover in more detail backups and syncing. For now, for the purposes of discussing security, let’s just agree that you are responsible for the physical security of the data you have in your possession, so you need to be responsible for the hardware itself and protect it against loss and theft, and since computers and users are prone to error, you must take backups and manage those from both a physical and logical perspective.
The chain of trust
The reality is that in the end, you have to trust others somewhere along the line. Unless you have the knowledge and skills to effectively audit every application and the operating system of the computer itself, then having taken your own precautions, at some point, you have to trust that others aren’t doing something nefarious and have followed good practices too.
Most of the way the internet works is built on a trust but verify model, and certainly, when it comes to closed source software, you have to trust and hope that there are no egregious security holes or bugs in the system, though history has often proven this not the case to date.
Every day new vulnerabilities or ways to gain access to systems are discovered, so you must be vigilant and keep your operating systems and applications up to date to ensure that security bugs, particularly, are fixed.
You may think I have painted a pretty bleak picture, but if you are now more aware of the risks, then you can take steps to mitigate them.
Here are some practical steps I recommend you take:
- Consider encrypting your entire hard drive as a minimum.
- Install trusted, quality anti-virus software and keep it maintained.
- Install only software from trusted sources like vetted app stores, and when you can’t, do your own due diligence and research before you decide to trust a random website that appears to be offering software you want or need.
- Make sure you keep your computer up to date. Apply updates from the OS manufacturer, as well as for the individual applications, especially those that are security-related.
- Don’t run services like file or printer sharing you don’t need. Be wary of installing remote control software that grants you the ability to operate your computer remotely. Convenient for you, maybe, but it’s another avenue where an attacker can get in if there are bugs or vulnerabilities in that software.
- Be wary of programs which could be accessing your computer’s microphone or cameras. It’s possible to switch them on without your knowledge on many computers.
- You should ensure your internet connection hardware is up to date with firmware patches and has features like firewalls and intrusion detection measures.
- Joining public wifi networks can be risky; consider using a VPN connection to do your work when you need to use them, and ensure you at least have a firewall enabled on your computer.
As you’ve seen, passwords and keys (both physical keys and encryption keys) are critical to securing your data, so they must be managed carefully and securely.
How are you managing your passwords? Do you have a go-to password, and do you use it for different services? If you take nothing else away from this article, let it be this. Use a password manager to generate long and complex passwords uniquely for each service you sign up for. Whatever you then use for your single master password, ensure that it is long. Length is more important than complexity, but when you only need to remember one password, you can afford to make it more complex.
It is relatively easy to create strong passwords. Here are a few methods:
Simply choose 4 or 5 words that are easy for you to remember - that aren’t names of people or pets you know - but are essentially random, e.g.
marvellous-raindrops-burning-newspaper. A good password manager will generate these for you. Keep running the generator until you find a pleasing arrangement that you will easily remember.
Want a little more complexity, use the symbols and numbers and case using a pattern you’ll remember, e.g.
Use a memorable sentence from a book you like and take the first letters of each word. If the services you’re using ask you to use numbers and symbols, come up with a convention that you’ll easily remember. For example, replace all L’s with 1’s or E’s with 3’s. Add punctuation marks at the beginning or end, much like you would in a normal sentence. Follow similar rules for capital letters.
Spaces are good in passwords, but you do have to be careful about invisible characters because they are hard to debug when it’s not working.
Is a sen7ence such as th1s an 3xcellent password?!
It’s complex yet easy to memorise. It contains numbers, symbols and mixed case, most importantly, it’s 50 characters in length, so it’s hard to crack.
I don’t blame you if this feels a little overwhelming. It’s far preferable to stick your head in the sand and just hope that these scenarios don’t happen to you.
Data security is far more important than simple data ownership. There are a lot of links in the security chain. Any one of these elements in the chain fails, and your data can be compromised. Once your note privacy has been breached, there’s no going back.
Ultimately, it’s a question of risk; how likely do you think that:
- Your computer or some component will fail?
- Your home and/or office will be broken into?
- Your home/office will be caught in some kind of disaster (natural or manmade)?
- You lose your computer (i.e. left in a coffee shop or on a train)?
- There’s a bug in one of the pieces of software?
- Your trust in the authors of plugins or the application and OS software you use is misplaced, and they are doing something insecure on purpose or by accident?
- If the data gets out, what are the ramifications of it to you or your family personally, or for your employer’s organisation, or others?
You have to make the judgement for yourself with the kinds of information that you want or need to work with, and you should also be mindful of the laws of your country and the needs of your employer when it comes to work-oriented information.
So now you have got a flavour of what it really takes to maintain control and ownership of your data. What steps are you currently taking, and what steps do you intend to start taking?
In the final part of this series, we'll take a deeper look into data availability and how that relates to ownership and security. After all, if your notes aren't available when you need them, they're not of much use.
Thanks for reading. And don't forget you can give me your feedback by replying to this email. I read and appreciate them all, even if I cannot respond to everything.
Until next time,
P.S. If you enjoy my work and find value in the ideas I share, please consider contributing to my running costs. I accept donations via Buy Me a Coffee.
Alternatively, if you'd like some help or guidance for making the most of Roam in your note-taking practice, I offer a few private 1-1 Roam coaching sessions.